USN-3964-1: python-gnupg vulnerabilities
USN-3964-1: python-gnupg vulnerabilities python-gnupg vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 19.04 Ubuntu 18.10 Ubuntu 18.04 LTS Summary Several security issues were fixed in python-gnupg Software Description python-gnupg – Python wrapper for the GNU Privacy Guard Details Marcus Brinkmann discovered that GnuPG before 2.2.8 improperly handled certain command line parameters. A remote attacker could use this to spoof the output of GnuPG and cause unsigned e-mail to appear signed. (CVE-2018-12020) It was discovered that python-gnupg incorrectly handled the GPG passphrase. A remote attacker could send a specially crafted passphrase that would allow them to control the output of encryption and decryption operations. (CVE-2019-6690) Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 19.04 python-gnupg – 0.4.3-1ubuntu1.19.04.1 python3-gnupg – 0.4.3-1ubuntu1.19.04.1 Ubuntu 18.10 python-gnupg – 0.4.1-1ubuntu1.18.10.1 python3-gnupg – [ more… ]